fixed issue 39229: do not make publicly available reference data files
authorAsier Lostalé <asier.lostale@openbravo.com>
Fri, 07 Sep 2018 11:46:19 +0200
changeset 34763 701d003b887b
parent 34762 038384250ba9
child 34764 9a51de54cd96
fixed issue 39229: do not make publicly available reference data files

Reference data and COA files should be internally accessible from Tomcat, but
they shouldn't be publicly available to be downloaded.

Moved them to the non public WEB-INF directory.
src/build.xml
src/org/openbravo/erpCommon/businessUtility/COAUtility.java
src/org/openbravo/erpCommon/businessUtility/InitialSetupUtility.java
--- a/src/build.xml	Fri Sep 07 11:37:29 2018 +0200
+++ b/src/build.xml	Fri Sep 07 11:46:19 2018 +0200
@@ -414,13 +414,13 @@
       <mapper type="regexp" from="(.*\${file.separator}lib\${file.separator}runtime)(.*)" to="\2" />
     </copy>
 
-    <copy todir="${base.context}/referencedata/standard/org.openbravo">
+    <copy todir="${base.context}/WEB-INF/referencedata/standard/org.openbravo">
       <fileset dir="${basedir}/../referencedata/standard">
         <include name="*.xml" />
       </fileset>
     </copy>
 
-    <copy todir="${base.context}/referencedata">
+    <copy todir="${base.context}/WEB-INF/referencedata">
       <fileset dir="${base.modules}">
         <include name="*/referencedata/standard/*.xml" />
         <include name="*/referencedata/accounts/COA.csv" />
--- a/src/org/openbravo/erpCommon/businessUtility/COAUtility.java	Fri Sep 07 11:37:29 2018 +0200
+++ b/src/org/openbravo/erpCommon/businessUtility/COAUtility.java	Fri Sep 07 11:46:19 2018 +0200
@@ -191,7 +191,7 @@
   public static InputStream getCOAResource(Module coaModule) throws FileNotFoundException {
     OBContext.setAdminMode();
     try {
-      String coaPath = "/referencedata/accounts/" + coaModule.getJavaPackage() + "/COA.csv";
+      String coaPath = "/WEB-INF/referencedata/accounts/" + coaModule.getJavaPackage() + "/COA.csv";
       InputStream inputStream = RequestContext.getServletContext().getResourceAsStream(coaPath);
       if (inputStream == null) {
         throw new FileNotFoundException(RequestContext.getServletContext().getRealPath(coaPath));
--- a/src/org/openbravo/erpCommon/businessUtility/InitialSetupUtility.java	Fri Sep 07 11:37:29 2018 +0200
+++ b/src/org/openbravo/erpCommon/businessUtility/InitialSetupUtility.java	Fri Sep 07 11:46:19 2018 +0200
@@ -1686,8 +1686,8 @@
 
     OBContext.setAdminMode();
     try {
-      String xmlPath = "/referencedata/standard/" + dataset.getModule().getJavaPackage() + "/"
-          + Utility.wikifiedName(dataset.getName()) + ".xml";
+      String xmlPath = "/WEB-INF/referencedata/standard/" + dataset.getModule().getJavaPackage()
+          + "/" + Utility.wikifiedName(dataset.getName()) + ".xml";
 
       String strXml = null;
       try (InputStream r = RequestContext.getServletContext().getResourceAsStream(xmlPath)) {